PDA

View Full Version : Registry change warning



roger.t
2008-02-05, 10:48
I'm new to this, so hope this my second attempt gets posted. I installed Spybot a fortnight ago (I have Vista), since when I have had a warning box appear every time I boot up saying that an important registry entry has been changed, and asking me to choose Allow; ?; Info; Deny Change. I have been choosing Allow, and things seem to work OK. But should I, and am I going to be pestered with this message for the rest of my life? The detailed message says:
'Category: System startup global entry. Change: Value changed. Entry: Windows Defender. Old data: [a line of gobbledegook]. New data: %Program Files%\Windows Defender\MSAScui.exe.hide'
Being only moderately computer literate, I should be very grateful for some advice.

spybotsandra
2008-02-05, 14:19
Hello,

Please read this information about TeaTimer:
http://www.safer-networking.org/en/faq/33.html
and http://www.safer-networking.org/en/faq/34.html
If you surf the web and without any user interaction the teatimer pops up and warns about a registry change it is better to "deny", but if you install something by yourself it is OK to "allow" the change.

Best regards
Sandra
Team Spybot

roger.t
2008-02-05, 18:43
Thanks for the swift reply. Presumably since I installed the Spybot program, I can click onto the option to 'Allow' the registry change to take place and then click on 'Remember this' in the hope the warning box will go away and not appear again, as it gets a bit tedious clicking on 'Allow' every time.
My understanding (limited) is that changes to the Registry can be dodgy, that's why I am making this enquiry. The links that you provided didn't mean much to me. Remember, I find computers and computer-speak challenging!!
Regards,
Roger

129260
2008-02-05, 19:32
basically, every time you install a new program, or make a system change, you will get that notice from teatimer. click remember and allow if you made the changes. hit deny if you browse the web with just your browser and u arnt installing anything, and it says something changed. k? hope thats even simpler a rule for you to follow. :)

roger.t
2008-02-06, 00:28
I'm most grateful for your reply. Being so ignorant is a bit embarassing, but it's good to know there are some patient folk around ready to help. I hadn't heard of TeaTimers before yesterday!

Cheers,

Roger

MitchK
2010-01-09, 17:41
I've had Spybot for many years, always install the latest version and keep updates current. Recently, I've noticed that I don't get any Teatimer warnings anymore...for anything. Yet, in the log, it shows all kinds of changes, "allowed by user decision". I don't recall making any decision. Can anyone tell me why this is happening? Did I miss the newsletter?

drragostea
2010-01-10, 04:58
Mitch, we have two situations.

Yet, in the log, it shows all kinds of changes, "allowed by user decision".
Either you have ticked "Allow" on a specific registry change and ticked "Remember my Decision" (this is what induces the quote 'allowed by user decision') or you have just allowed the change itself.
-
Situation two, the newer builds of TeaTimer uses whitelisting, thus legitimate changes that are safe will be automatically allowed (less prompts). The old TeaTimer prompts you on every change that has occurred. That is also included in the newer builds, and the user can switch to that everytime. Right click the TeaTimer icon in your Windows Taskbar and click "Paranoid" Mode.

You can always switch back and forth and see how it goes.

MitchK
2010-01-10, 18:38
Thanks, drragostea,

I suspected things have changed. However, since the current installation of Spybot, I have NEVER received any warnings, so checking "remember my decision" would not have occurred. Further, when I look at the whitelist and blacklist (by right-clicking "settings" on the tray menu) the lists are completely empty.

I tried "paranoid mode" and I get the alerts. Obviously, I don't want to live this way either, but why did I never get ANY alerts whatsoever?

drragostea
2010-01-10, 21:57
Situation two, the newer builds of TeaTimer uses whitelisting, thus legitimate changes that are safe will be automatically allowed (less prompts).
That is my point. Since you do not want any prompts (technically not possible, but I'm saying "less" prompts) the current situation you were in when you first posted, apparently, is what you wanted.

Paranoid mode is for users that want to revert to the original behavior of TeaTimer, prompting them on every change. The newer builds do not, they use whitelisting.

If you will untick "Paranoid Mode", you should be fine. After all, I think that is what suits you best.

. Yet, in the log, it shows all kinds of changes, "allowed by user decision".
They could have occurred some time ago.

Obviously, I don't want to live this way either, but why did I never get ANY alerts whatsoever?
You can always feel free to disable TeaTimer.
But then the whole point of having TeaTimer without any prompts would be redundant, because the user is not getting any insight on what is occurring in their machine.

But remember, TeaTimer prompts you on the unknown changes. Good changes it allows, bad changes (malware) it denies.

MitchK
2010-01-10, 22:08
You didn't deal with another of my points:

"Further, when I look at the whitelist and blacklist (by right-clicking "settings" on the tray menu) the lists are completely empty."

Why would this list be empty if there are all these changes that are automatically permitted due to "whitelisting"?

drragostea
2010-01-11, 03:09
This list deals with the changes that the user has ticked "Remember my Decision" and then proceeded to Allow or Deny the change. If they have allowed it, it would be on the whitelist. If it was denied it would be on the blacklist.